Why use krb5_set_real_time() instead of NTP ?

Andrew Bartlett abartlet at samba.org
Wed May 10 05:10:29 GMT 2006

On Tue, 2006-05-09 at 22:01 -0700, Gerald (Jerry) Carter wrote:
> Hash: SHA1
> Luke Howard wrote:
> > Well, you don't have to change the system time (of course whether
> > you securely know what the KDC time is is another matter).
> > 
> >>From the Heimdal code:
> > 
> > /*
> >  * Set the absolute time that the caller knows the kdc has so the
> >  * kerberos library can calculate the relative diffrence beteen the
> >  * KDC time and local system time.
> >  */
> > 
> Luke,
> Maybe I'm being dense here, but is this really the case of
> a user space application working around trying to work around
> an unsynchronized system clock on the client ?

Yes, it is dealing with an unsynchronised clock between itself and the
KDC.  Yes, the admin should have the clocks in sync.  Windows AD
networks run something almost but not entirely like NTP automatically to
avoid this problem.  

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060510/195939e6/attachment.bin

More information about the samba-technical mailing list